From 479665ca624e9a77ed16f1d4187f6a5d483a714f Mon Sep 17 00:00:00 2001
From: Varun Patil
Date: Thu, 9 Feb 2023 12:02:11 -0800
Subject: [PATCH] map: fix for sw
---
 lib/Controller/OtherController.php | 6 +-----
 lib/Controller/PageController.php | 16 ++++++++++++++--
 src/components/top-matter/MapSplitMatter.vue | 1 +
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/lib/Controller/OtherController.php b/lib/Controller/OtherController.php
index 8b83e6b4..9ad2d464 100644
--- a/lib/Controller/OtherController.php
+++ b/lib/Controller/OtherController.php
@@ -73,11 +73,7 @@ class OtherController extends ApiBase
 'Content-Type' => 'application/javascript',
 'Service-Worker-Allowed' => '/',
 ]);
- $policy = new ContentSecurityPolicy();
- $policy->addAllowedWorkerSrcDomain("'self'");
- $policy->addAllowedScriptDomain("'self'");
- $policy->addAllowedConnectDomain("'self'");
- $response->setContentSecurityPolicy($policy);
+ $response->setContentSecurityPolicy(PageController::getCSP());
 return $response;
 }
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index e4a5fe1f..547ba61c 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -102,9 +102,21 @@ class PageController extends Controller
 /** Get the common content security policy */
 public static function getCSP()
 {
+ // Image domains MUST be added to the connect domain list
+ // because of the service worker fetch() call
+ $addImageDomain = function ($url) use (&$policy) {
+ $policy->addAllowedImageDomain($url);
+ $policy->addAllowedConnectDomain($url);
+ };
+
+ // Create base policy
 $policy = new ContentSecurityPolicy();
 $policy->addAllowedWorkerSrcDomain("'self'");
 $policy->addAllowedScriptDomain("'self'");
+ $policy->addAllowedFrameDomain("'self'");
+ $policy->addAllowedImageDomain("'self'");
+ $policy->addAllowedMediaDomain("'self'");
+ $policy->addAllowedConnectDomain("'self'");
 // Video player
 $policy->addAllowedWorkerSrcDomain('blob:');
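Review bot: The service worker response in OtherController.php now carries the whole page policy from `PageController::getCSP()`, so the worker context receives every source that policy allows (frame, image and media sources, `blob:` workers, the OSM hosts, and anything added to getCSP() later) where it previously got only `'self'` for worker, script and connect. If the only need is for the worker's fetch() to reach the tile hosts, a comment at this call would make the coupling explicit, for example `// Shares the page CSP so the worker's fetch() can reach the tile hosts; additions to getCSP() also apply to the worker`. A narrower alternative would be a worker-specific policy that reuses only the tile host list. The enclosing method starts above this hunk, so how the response is otherwise built is not visible here.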
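Review bot: In the first PageController.php hunk, `$addImageDomain` captures `$policy` by reference before `$policy` is assigned, so the helper only works because the assignment happens to run before its first call; a call placed above `$policy = new ContentSecurityPolicy();` would invoke a method on null. Defining the helper after the policy is created and capturing the object by value removes that ordering dependency: `$addImageDomain = static function (string $url) use ($policy): void {`. getCSP() continues past the end of this hunk, so the remaining directives between the two hunks are not visible here.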
@@ -116,8 +128,8 @@ class PageController extends Controller
 // Allow OSM
 $policy->addAllowedFrameDomain('www.openstreetmap.org');
- $policy->addAllowedImageDomain('https://*.tile.openstreetmap.org');
- $policy->addAllowedImageDomain('https://*.a.ssl.fastly.net');
+ $addImageDomain('https://*.tile.openstreetmap.org');
+ $addImageDomain('https://*.a.ssl.fastly.net');
 return $policy;
 }
diff --git a/src/components/top-matter/MapSplitMatter.vue b/src/components/top-matter/MapSplitMatter.vue
index 93dbdd91..2e152656 100644
--- a/src/components/top-matter/MapSplitMatter.vue
+++ b/src/components/top-matter/MapSplitMatter.vue
@@ -3,6 +3,7 @@
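Review bot: In the `// Allow OSM` hunk of PageController.php, passing `https://*.a.ssl.fastly.net` through `$addImageDomain` also places that wildcard in connect-src, so fetch() and XHR from the page and the worker are now permitted to any host under what appears to be a shared CDN suffix, not only to hosts this app depends on. The pattern was already present for img-src, but connect-src governs where scripts may send requests, which makes the wildcard a weaker constraint if script injection ever occurs. If the tile layer uses a fixed set of hostnames, listing those would keep connect-src tight; otherwise a comment such as `// connect-src is widened too: keep these patterns as narrow as the tile provider allows` would record the trade-off.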